
Docker in my operations work: Docker network management

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

The Docker engine is very powerful and includes network driver support for containers. By default Docker provides two network drivers: bridge and overlay.

Bridge: the physical network card and the containers' virtual network cards are bridged through a virtual switch, which lets containers communicate with the outside world.

Overlay network: for now, all the official documentation tells us is that it is a network built on VXLAN technology, and that swarm is more secure when it uses this kind of encrypted network.

1. Normally, if you create an overlay network without swarm, you need to install a key-value store (kvstore) service to back it; the choices include consul, etcd and zookeeper.

2. The cluster hosts connect to the kvstore.

3. Configure the engine daemon on each host in the swarm cluster.

Note: if subnets are duplicated or overlap when using an overlay network, containers may not be able to use the network.
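One way to check for the duplicated or overlapping subnets mentioned in the note, before creating a network. This is an added example, not code from the original article; it reads JSON in the shape printed by `docker network inspect`, and the sample data is constructed (the names `app-overlay` and `legacy-overlay` are hypothetical).

```python
import ipaddress
import json
from itertools import combinations

# Constructed sample: IPAM sections as `docker network inspect` prints them.
# The two 172.x networks mirror this article; the overlay networks are hypothetical.
SAMPLE = json.loads("""
[
 {"Name": "bridge", "Driver": "bridge",
  "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]}},
 {"Name": "nginxs-bridge-network", "Driver": "bridge",
  "IPAM": {"Config": [{"Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1/16"}]}},
 {"Name": "app-overlay", "Driver": "overlay",
  "IPAM": {"Config": [{"Subnet": "10.0.0.0/16"}]}},
 {"Name": "legacy-overlay", "Driver": "overlay",
  "IPAM": {"Config": [{"Subnet": "10.0.9.0/24"}]}},
 {"Name": "host", "Driver": "host", "IPAM": {"Config": []}}
]
""")

def subnets(network):
    """Yield every subnet configured on one network (none for host/null drivers)."""
    for cfg in (network.get("IPAM") or {}).get("Config") or []:
        if cfg.get("Subnet"):
            # strict=False tolerates host bits being set, e.g. "10.0.9.1/24"
            yield ipaddress.ip_network(cfg["Subnet"], strict=False)

def subnet_conflicts(networks):
    """Return (net_a, net_b, subnet_a, subnet_b) for duplicate or overlapping ranges."""
    flat = [(n["Name"], s) for n in networks for s in subnets(n)]
    conflicts = []
    for (name_a, sub_a), (name_b, sub_b) in combinations(flat, 2):
        # Compare only ranges of the same IP version that belong to different networks
        if name_a != name_b and sub_a.version == sub_b.version and sub_a.overlaps(sub_b):
            conflicts.append((name_a, name_b, str(sub_a), str(sub_b)))
    return conflicts

if __name__ == "__main__":
    for a, b, sa, sb in subnet_conflicts(SAMPLE):
        print(f"{a} ({sa}) overlaps {b} ({sb})")
```

On a real host the input can be produced with `docker network inspect $(docker network ls -q)`; for a cluster, concatenate the output collected from every host.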

Every Docker installation creates three networks locally, as follows:

```
[root@salt-node1 nginx-new]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
b60c9e065473        bridge              bridge              local
a603808ad4ba        host                host                local
48d3687c03f0        none                null                local
```

The bridge network is Docker's default network; containers use it unless you specify a different network.

```
[root@salt-node1 nginx-new]# docker run -itd --name=networktest training/webapp
f959f1626b03d965692d0d45f5307c062facac69eff2a33779a50293c35f662e
```

View all the information in the bridge network: subnet, gateway and container IPs

```
[root@salt-node1 nginx-new]# docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "b60c9e065473e9d0f8b5eaffc520b681d812e3edd4105cdeba39b5e09bb81ba0",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Containers": {
            "846953219c6d32025f2ec9b95ea57d50c2f6cc04fbf92047b8a0e5789d623026": {
                "Name": "zen_varahamihira",
                "EndpointID": "d2f6b8fdfa73fc369c5c77465f79f9d7ada17d9d612b5397a3da227a5e133c1b",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            },
            "f959f1626b03d965692d0d45f5307c062facac69eff2a33779a50293c35f662e": {
                "Name": "networktest",
                "EndpointID": "3017afc38daac830d872606ffafe5254a408e30e2b10a5c65b0977ba60018c38",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172.17.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
[root@salt-node1 nginx-new]# docker ps
CONTAINER ID   IMAGE             COMMAND           CREATED         STATUS         PORTS                     NAMES
f959f1626b03   training/webapp   "python app.py"   4 minutes ago   Up 4 minutes   5000/tcp                  networktest
846953219c6d   training/webapp   "python app.py"   25 hours ago    Up 25 hours    0.0.0.0:32768->5000/tcp   zen_varahamihira
```

Remove the specified container from the bridge network

```
[root@salt-node1 nginx-new]# docker network disconnect bridge networktest
```

Create your own bridge network

The Docker engine ships with the bridge and overlay network drivers. A Docker bridge network is limited to a single host, so it becomes a problem once you have a multi-host cluster. In that case an overlay network meets your needs better, because it can span multiple hosts; it is an advanced topic.

docker network create -d [network type] [network name]

```
[root@salt-node1 nginx-new]# docker network create -d bridge nginxs-bridge-network
b67220ae9284c802cd48dca1239026b7539c58b97ef19b19ae8b5d7c7ce13d62
[root@salt-node1 nginx-new]# docker network ls
NETWORK ID          NAME                    DRIVER              SCOPE
b60c9e065473        bridge                  bridge              local
a603808ad4ba        host                    host                local
b67220ae9284        nginxs-bridge-network   bridge              local
48d3687c03f0        none                    null                local
```

View new network information

```
[root@salt-node1 nginx-new]# docker network inspect nginxs-bridge-network
[
    {
        "Name": "nginxs-bridge-network",
        "Id": "b67220ae9284c802cd48dca1239026b7539c58b97ef19b19ae8b5d7c7ce13d62",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1/16"
                }
            ]
        },
        "Internal": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]
```

Add a container to the specified network

Creating your own network is a safe way to isolate your web application on a closed network. You can add a container to a new network when you run it for the first time. By default, containers on two different bridge networks cannot communicate with each other at all. How to let specified containers on the two networks communicate with each other is introduced below.

Parameter: --net=[network name]

```
[root@salt-node1 nginx-new]# docker run -d --net=nginxs-bridge-network --name db training/postgres
Unable to find image 'training/postgres:latest' locally
latest: Pulling from training/postgres
a3ed95caeb02: Pull complete
6e71c809542e: Pull complete
2978d9af87ba: Pull complete
500b6decf741: Pull complete
74b14ef2151f: Pull complete
7afd5ed3826e: Pull complete
3c69bb244f5e: Pull complete
d86f9ec5aedf: Pull complete
010fabf20157: Pull complete
Digest: sha256:a945dc6dcfbc8d009c3d972931608344b76c2870ce796da00a827bd50791907e
Status: Downloaded newer image for training/postgres:latest
4b0bc86f18596e6c24a505a40c759e09c1fd7520a487bf2f278348c641c5240f
```

View the network configuration of the specified container

```
[root@salt-node1 nginx-new]# docker inspect --format='{{json .NetworkSettings.Networks}}' db
{"nginxs-bridge-network":{"IPAMConfig":null,"Links":null,"Aliases":["4b0bc86f1859"],"NetworkID":"b67220ae9284c802cd48dca1239026b7539c58b97ef19b19ae8b5d7c7ce13d62","EndpointID":"99b9f2f973335447640639e146614ab6f4857b0d1e30f5ed6f9b507f645e137a","Gateway":"172.18.0.1","IPAddress":"172.18.0.2","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:12:00:02"}}
[root@salt-node1 ~]# docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' db
172.18.0.2
```

Connect a specified container to the specified network

docker network connect [network name] [CONTAINER NAME]

```
[root@salt-node1 ~]# docker network connect nginxs-bridge-network db2
[root@salt-node1 nginx-new]# docker exec -it db2 bash
root@cf9b593a29bc:/# ping 172.18.0.2
PING 172.18.0.2 (172.18.0.2) 56(84) bytes of data.
64 bytes from 172.18.0.2: icmp_seq=74 ttl=64 time=0.130 ms
64 bytes from 172.18.0.2: icmp_seq=75 ttl=64 time=0.116 ms
64 bytes from 172.18.0.2: icmp_seq=76 ttl=64 time=0.119 ms
```
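To review which containers share a network after `docker network connect`, and so can reach each other as the ping above shows, the inspect output can be turned into a membership map. This is an added example, not code from the original article; the sample data is constructed, and db2 being attached to the default bridge as well is an assumption.

```python
import json
from itertools import combinations

# Constructed sample shaped like `docker network inspect bridge nginxs-bridge-network`,
# trimmed to the fields used here. db2 on both networks is an assumption.
SAMPLE = json.loads("""[
 {"Name": "bridge",
  "Containers": {"8469": {"Name": "zen_varahamihira", "IPv4Address": "172.17.0.2/16"},
                 "cf9b": {"Name": "db2", "IPv4Address": "172.17.0.3/16"}},
  "Options": {"com.docker.network.bridge.enable_icc": "true",
              "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0"}},
 {"Name": "nginxs-bridge-network",
  "Containers": {"4b0b": {"Name": "db", "IPv4Address": "172.18.0.2/16"},
                 "cf9b": {"Name": "db2", "IPv4Address": "172.18.0.3/16"}},
  "Options": {}}
]""")

def memberships(networks):
    """Map container name -> sorted list of networks it is attached to."""
    seen = {}
    for net in networks:
        for endpoint in (net.get("Containers") or {}).values():
            seen.setdefault(endpoint["Name"], set()).add(net["Name"])
    return {name: sorted(nets) for name, nets in seen.items()}

def reachable_pairs(networks):
    """Container pairs that share at least one network, with the shared networks."""
    member = memberships(networks)
    pairs = {}
    for a, b in combinations(sorted(member), 2):
        shared = sorted(set(member[a]) & set(member[b]))
        if shared:
            pairs[(a, b)] = shared
    return pairs

def findings(networks):
    """Flag settings and placements that weaken isolation between containers."""
    out = []
    for net in networks:
        opts = net.get("Options") or {}
        attached = len(net.get("Containers") or {})
        if opts.get("com.docker.network.bridge.enable_icc") == "true" and attached > 1:
            out.append(f"{net['Name']}: icc explicitly enabled with {attached} containers attached")
        if opts.get("com.docker.network.bridge.host_binding_ipv4") == "0.0.0.0":
            out.append(f"{net['Name']}: published ports bind to every host interface by default")
    for name, nets in memberships(networks).items():
        if len(nets) > 1:
            out.append(f"{name}: attached to {', '.join(nets)}, links otherwise separate networks")
    return out
```

With this sample, `reachable_pairs(SAMPLE)` pairs db with db2 but never db with zen_varahamihira, which is the isolation the dedicated network was created for.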
